-> "Generic YouTube Clone Script - XSRF: Arbitrary Code Injection" <-
Author: Pepepistola <Pepepistola_at_chxsecurity_dot_org>
Program: Generic YouTube Clone Script
Severity: Moderately Critical
Type of Advisory: Mid Disclosure
Affected/Tested Versions: – (* See below)
There are multiple clone scripts made by multiple vendors, but all of them share the
same mistakes and even the same code, so we could not determine the right (or original)
vendor.
Dream of building your own highly profitable online video sharing community,
just like YouTube or DailyMotion?
Unleash the power of video sharing to boost your websites' traffic &
revenues!
The "Email-Template" module has no file type validation, and a remote attacker
could lead the admin to create a specially crafted malicious email template that
allows the remote attacker to compromise the entire system.
The admin has the capability to create an "Email-Template" that is stored in the
directory:
/templates/emails/
Since the module does not have any file type validation, the admin can upload
any arbitrary file type. A remote attacker can therefore gain access simply by
leading the (already logged-in) admin to a specially crafted (malicious) website
that, through a Cross-site Request Forgery, makes the admin's browser automatically
create an email template.
This could allow a remote attacker to gain access and, furthermore, compromise
the entire system.
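The two missing controls described above are a per-session anti-CSRF token on the "create template" form and an allow-list on the template file name and type. The following is an added defensive example written for this advisory, not code from any of the clone scripts, and it assumes a dictionary-backed session, the /templates/emails/ directory named above, and an assumed allow-list of .txt and .html templates (the real scripts' accepted types are unknown). Each write request must carry the token that was minted for the logged-in admin's session, and the file name is confined to the template directory with an allowed extension, so a cross-origin form post can neither forge the request nor drop a file of an arbitrary type.

```python
import hmac
import os
import secrets
from typing import Callable, Optional, Tuple

# Directory named in the advisory; resolved against the current working directory.
TEMPLATE_DIR = os.path.realpath(os.path.join(os.getcwd(), "templates", "emails"))
# Assumed allow-list of template types (the scripts' real set is not documented).
ALLOWED_EXTENSIONS = {".txt", ".html"}


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session secret that the admin form embeds as a hidden field."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, submitted: Optional[str]) -> bool:
    """A forged cross-site POST cannot read the session token, so it fails here."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def safe_template_path(name: str) -> Optional[str]:
    """Return an absolute path inside TEMPLATE_DIR for an allowed name, else None."""
    base, ext = os.path.splitext(name)
    if not base or ext.lower() not in ALLOWED_EXTENSIONS:
        return None
    # Only letters, digits, '-' and '_' in the stem: no separators, no dot-files.
    if not all(c.isalnum() or c in "-_" for c in base):
        return None
    candidate = os.path.realpath(os.path.join(TEMPLATE_DIR, base + ext.lower()))
    # Defence in depth: the resolved path must still sit directly in TEMPLATE_DIR.
    if os.path.dirname(candidate) != TEMPLATE_DIR:
        return None
    return candidate


def _write_to_disk(path: str, body: str) -> None:
    os.makedirs(TEMPLATE_DIR, exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(body)


def save_email_template(
    session: dict,
    form: dict,
    writer: Callable[[str, str], None] = _write_to_disk,
) -> Tuple[bool, str]:
    """Hardened handler for the 'create email template' POST.

    Returns (True, path) on success, or (False, reason) where reason is
    'csrf' for a missing/mismatched token and 'name' for a rejected file name.
    """
    if not csrf_token_valid(session, form.get("csrf_token")):
        return False, "csrf"
    path = safe_template_path(form.get("name", ""))
    if path is None:
        return False, "name"
    writer(path, form.get("body", ""))
    return True, path


if __name__ == "__main__":
    # Constructed walk-through: a legitimate admin request and two rejected ones.
    session: dict = {}
    token = issue_csrf_token(session)
    print(save_email_template(session, {"csrf_token": token, "name": "welcome.html", "body": "Hi"}))
    print(save_email_template(session, {"name": "welcome.html", "body": "Hi"}))            # no token
    print(save_email_template(session, {"csrf_token": token, "name": "shell.php", "body": ""}))  # bad type
```

The `writer` parameter exists so the handler can be exercised without touching the filesystem; in a real deployment the default disk writer is used. The token check must come before any other processing so that a forged request does no work at all, and the name check rejects disallowed extensions, dot-files and anything containing a path separator before the path is ever resolved.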
ChX Security will not release any proof of concept.
At the moment there is no official solution provided by the vendor(s).
ChX Security encourages website admins to stay logged in only for the time
necessary and to remain logged out whenever they do not have any
administration-related task to do.
Bug Found: 04/07/2007
Vendor Contact: --/–/–
Vendor Response: --/–/–
Public Disclosure: 06/07/2007
g30rg3_x, musashi, patoruzu, elvispresley, skyline2412 (p1mp4m)
ChX Security
http://chxsecurity.org/
(c) 2007
Copy: http://chxsecurity.org/advisories/adv-2-mid.txt
Pepepistola